Low configuration VPN iTwin dongle examined (August 6th, 2013)
Product Manufacturer: iTwin
- One-time payment for VPN
- Nearly zero-configuration
- 256-bit AES encryption
- Two-factor authentication
- Inexpensive pair replacement
- Server computer must be awake
- No double-NAT compatibility
With all the hullabaloo about law enforcement monitoring and collecting data on users, technologies like virtual private networking and encryption have popped up for more than the tin-foil hat crowd. Many of the solutions available for anonymous browsing are paid monthly, and cloud services sometimes don't offer as much protection or storage space as one might like. The iTwin Pro is a hardware solution: a cross-platform, dual-headed USB dongle that provides two-factor authentication. One half connects to a server computer, generally in the user's home or office, and the other half connects to a computer in a remote location. This enables encrypted file transfer while keeping sensitive files on a home computer rather than on a cloud server. As an added bonus, the device allows proxy server enabled Internet use. Does the device keep its promises?
Installing the iTwin is simple. The two keys need to be physically connected to each other first, with one end of the paired device inserted into a USB 2.0 (or 3.0) port on a computer running Windows XP SP3 or greater or OS X 10.6 or newer. An iTwin application is then installed on the server computer (this requires administrative access, and the computer must always be awake), and an email address is provided to iTwin. The part of the iTwin dongle not inserted into the USB port on the server computer can then be removed and installed in a remote computer, with the part retained by the server computer configuring transfers for 256-bit AES encryption.
The iTwin can be used as a permanent or temporary solution. To reset the iTwin, the pair of dongles just needs to be disconnected from each computer and reconnected. Each disconnect and reconnect generates a new AES key as well. A different pair of computers can then be configured, repeating the setup from the step of providing the email address to iTwin onward. No history is retained by the device, which we feel adds an additional level of security.
Loss of the device is handled very well in every regard. Transfer authentication can be stopped either by following the directions in the email sent to the user after each pairing, or by yanking out the iTwin from the "server" computer. Replacement (color coded) keys can be purchased from iTwin for half of the price of a new device.
The device also has a "teleport me" feature, which provides for encrypted surfing under nearly any networking condition, and redirection through a server of the user's choice. This eliminates "man-in-the-middle" attacks on data, and also cuts down on the danger of deep packet attacks, where intercepted data is inspected by a third party somewhere along the path. As a side effect, content blocked by location (such as streaming sports network content) is often available regardless of location. Internet use can either be routed through the computer that the other end of the iTwin dongle is plugged into, or through one of a handful of iTwin public servers located across the globe.
Generally, the iTwin just works, and very simply. Speed is generally limited to the upload speed of the server computer's connection, with no interference at all from the iTwin in the process. We ran tests in a number of locations with file transfers, VPN capability, as well as remote desktop screen sharing. All worked well on a two-megabit upload line or greater, but we recommend at least five megabit upload capability for smooth screen sharing.
We ran into a few minor quibbles with the device -- the iTwin doesn't work at all through double-NAT, meaning one router in a home or office daisy-chaining to another. However, if the second router is operating as an extender in a Wireless Distribution System (WDS)-configured network, the iTwin functions fine. Also, large transfers over the internet manifest some odd progress-bar behavior, but the issue is primarily cosmetic, and will be resolved in a future revision of the software.
While this is beyond the scope of the software for the iTwin, version control is non-existent, meaning that a local user on the server computer can be modifying a file at the same time as the remote user with no warnings. Whoever saves last will have the changes saved, with the first to save losing everything.
The iTwin device brings two-factor authentication for remote file access to the masses, without epic VPN setup costs or dedicated hardware, other than the single server computer. It beats out a cloud solution with a single-time payment and all the storage space you want to share from your trusted computer.
Additionally, the one-time $100 payment for the pair gives the user unlimited access to proxy servers with encryption, allowing for truly secure Internet use without a monthly payment. Sure, we'd like to see some way for the iTwin to wake a computer when a login attempt is made from the paired device, but we suspect that given the limitations of computer hardware and networking gear, there's about zero chance of that happening. This all said, the device is great for travellers, or even for grabbing that fantasy league file from home when you're at Starbucks.